Audioworxs and HIPAA

Dataworxs has designed Audioworxs Audio Management System to provide secure access to information. The following explains how Audioworxs' features relate to the health industry's HIPAA requirements.

The Audioworxs Audio Management System by Dataworxs Systems Limited has a number of security features that protect the unauthorized access to potentially sensitive health information. This document describes the security features as they relate to Security and Electronic Signature Standards of the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA). Dataworxs continues to enhance its products to ensure secure and confidential access to information.

Technical Security Services to Guard Data Integrity, Confidentiality, and Availability

  • Role-Based Access Control – Audioworxs provides a mechanism for roles to be assigned to each user thereby restricting access to various components of the system and thus restricting the user’s ability to access information. Further, the role of administrator is sub-divided into three different access levels – each which provides unique restrictions on data access.
  • User-Based Access Control – All users of the Audioworxs system are assigned a unique user ID with an optional password.
  • Contingency Plans – Audioworxs provides utilities for the automated backup of its databases and for the archival of completed audio files. A contingency plan should also make use of the facility’s regular network backup tools and procedures to ensure that current audio is backed up on a regular basis.
  • Entity Authentication – Access to critical Audioworxs components are protected by user ID’s and (optionally) by a password (PIN).
  • Data Authentication – Once a document has been signed, the digital signature provides the corroboration that data has not been altered or destroyed in an unauthorized manner.

Technical Security Mechanisms to Guard Against Unauthorized Access to Data That is Transmitted Over a Communications Network

  • Encryption – Audioworxs uses 128-bit key encryption to encrypt documents (audio and text) during transmission over open or private networks. The encryption key is dynamically created on a per connection basis using rules known to the client and server components. The key is not transmitted.
  • Audio Trail – An event is logged each time a Job’s audio is accessed by an author or transcriptionist/editor. This includes creation, listen-only access, and transcription/editing.
  • Entity Authentication – Client applications first require that a user “log in” to the system by providing a valid user number and optionally a password (PIN). Unless a login attempt is successful the user is not permitted to perform any action or access any data.
  • Event Reporting – All failed login attempts are logged for later review as are all important events associated with the creation, distribution, transcription, and deletion of a job.

 

 

Electronic Signature

Dataworxs uses an industry standard MD5 Message-Digest algorithm to digitally “sign” electronic documents. The signature is based on the document data and the user’s ID. Once signed an audio document is unable to be modified. The signature can be used to authenticate data in terms of the signor and content.

 

Administrative Procedures to Guard Data Integrity, Confidentiality, and Availability

Audioworxs allows only users assigned the role of administrator and granted “Full Control” privileges to add, modify or delete users from the system. Further, group-based administrators can be created that are allowed the privilege of adding, modifying and deleting users in their assigned group(s) but not others.

Audioworxs provides the ability to create, modify, and remove users from the system. In the event of an employee’s termination or position change a user’s record (account) can be disabled, a new password assigned, or removed from the system.